华为FusionCube 500-8.2.0SPC100 实施部署文档

环境：

• 产品：FusionCube 500
• 版本：8.2.0.SPC100
• 场景：虚拟化基础设施
• 平台：FusionCompute
• 两节点 MCNA * 2
• 硬件部署（塔式交付场景）
• 免交换组网（配置AR卡）

前置准备

组网规划

节点说明

连接信号线缆（GPU模组场景）

软件清单

地址规划

默认参数

AR卡配置

两张AR卡除管理地址外，其他相同配置

sysname AR-10
#
 drop illegal-mac alarm
#
ipv6
#
vlan batch 4050
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
dhcp enable
#
radius-server template default
#
pki realm default
 certificate-check none
#
ssl policy default_policy type server     
 pki-realm default
 version tls1.2 
 ciphersuite rsa_aes_128_sha256 rsa_aes_256_sha256 ecdhe_rsa_aes128_gcm_sha256 ecdhe_rsa_aes256_gcm_sha384 
#
acl name firewall 3001  
 rule 99 permit icmp 
 rule 100 permit ip 
#
ike proposal default
 encryption-algorithm aes-256 aes-192 aes-128 
 dh group14 
 authentication-algorithm sha2-512 sha2-384 sha2-256 
 authentication-method pre-share
 integrity-algorithm hmac-sha2-256 
 prf hmac-sha2-256 
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
 authentication-scheme default
  authentication-mode local
 authentication-scheme radius             
  authentication-mode radius
 authorization-scheme default
  authorization-mode local
 accounting-scheme default
  accounting-mode none
 local-aaa-user password policy administrator
  password history record number 0
  password alert before-expire 90
  password expire 365
 domain default
  authentication-scheme default
  accounting-scheme default
  radius-server default
 domain default_admin
  authentication-scheme default
  accounting-scheme default
 local-user admin password irreversible-cipher $1a$Lu<k"V],m@$3WD#6hoY{/F<|%GG:}M0x\uVUripT!J0PjIf&kr&$
 local-user admin privilege level 15
 local-user admin ftp-directory flash:
 local-user admin service-type terminal ssh ftp http
 local-user administrator password irreversible-cipher $1a$gPNq!<&#%,${\=7'vc"bX`O_nHhsO{V+oqnVNK.-AWK%kTqh07>$
 local-user administrator privilege level 15
 local-user administrator ftp-directory flash:
 local-user administrator service-type terminal ssh ftp http
#
web
 set fast-configuration state disable
#
firewall zone untrust
 priority 1
#
firewall zone trust
 priority 15
#
firewall zone Local
#
firewall interzone trust untrust
 firewall enable
 packet-filter 3001 inbound
#
mi-server
#
interface Vlanif1
 ipv6 enable
 ip address 192.168.40.25 255.255.254.0
 ipv6 address auto link-local
 ipv6 address auto global
 zone trust                               
#
interface Eth-Trunk1
 port hybrid tagged vlan 1 to 4094
#
interface GigabitEthernet0/0/0
 port hybrid tagged vlan 4050
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
 combo-port fiber
 eth-trunk 1
#
interface GigabitEthernet0/0/3
 combo-port fiber
 eth-trunk 1
#
interface GigabitEthernet0/0/4
 description WAN
 zone untrust
#
interface GigabitEthernet0/0/5
 shutdown
#                                         
interface GigabitEthernet0/0/6
 stp edged-port enable
 undo negotiation auto
#
interface GigabitEthernet0/0/7
 stp edged-port enable
 undo negotiation auto
#
interface GigabitEthernet0/0/8
 stp edged-port enable
 undo negotiation auto
#
interface GigabitEthernet0/0/9
 stp edged-port enable
 undo negotiation auto
#
interface GigabitEthernet0/0/10
 description VirtualPort
 ipv6 enable
 ipv6 address auto link-local
 ipv6 address auto global default
 ip address dhcp-alloc
 ipv6 address auto dhcp
#                                         
interface XGigabitEthernet0/0/0
 port hybrid tagged vlan 4050
 stp edged-port enable
#
interface XGigabitEthernet0/0/1
 port hybrid tagged vlan 4050
 stp edged-port enable
#
interface XGigabitEthernet0/0/2
 port hybrid tagged vlan 4050
 stp edged-port enable
#
interface XGigabitEthernet0/0/3
 port hybrid tagged vlan 4050
 stp edged-port enable
#
interface NULL0
#
cellular profile default
 modem auto-recovery dial action modem-reboot fail-times 128
 modem auto-recovery icmp-unreachable action modem-reboot
 modem auto-recovery services-unavailable action modem-reboot test-times 0 interval 3600
#
undo icmp name timestamp-request receive  
#
 snmp-agent local-engineid 800007DB03509A887F2262
 snmp-agent group v3 huawei_group privacy write-view Huawei_view notify-view Huawei_view
 snmp-agent target-host trap-hostname aaa address 192.168.40.10 udp-port 10162 trap-paramsname abc
 snmp-agent target-host trap-paramsname abc v3 securityname %^%#,UVE+tGAE0pDz+;[6c>0"e8k*}_4BS<H3MIpdAz4%^%# privacy
 snmp-agent mib-view Huawei_view include iso 
 snmp-agent usm-user v3 fc2mgmt
 snmp-agent usm-user v3 fc2mgmt group huawei_group
 snmp-agent usm-user v3 fc2mgmt authentication-mode sha2-256 %^%#Q#%}.1YsO57/0U"IZ,PKiTUD17H^AP82TcSxtjjC%^%#
 snmp-agent usm-user v3 fc2mgmt privacy-mode aes128 %^%#z[0uH3DW;:0DhMLY!xo<fc\"(mbR,AT;p5Sy>t&A%^%#
 snmp-agent trap source Vlanif1
 snmp-agent trap enable
 snmp-agent extend error-code enable
 snmp-agent permit interface all
 snmp-agent 
#
 ssh user admin authentication-type password
 ssh user administrator authentication-type password
 ssh server compatible-ssh1x enable
 sftp server enable 
Nov 18 2024 09:44:55+00:00 AR-10 IFNET/1/IF_LINKUP:OID 1.3.6.1.6.3.1.1.5.4 Interface 15 turned into UP state.(AdminStatus=1,OperStatus=1,InterfaceName=XGigabitEthernet0/0/2) 
 stelnet server enable 
 ssh server permit interface all
#                                         
ip route-static 0.0.0.0 0.0.0.0 192.168.40.7
#
fib regularly-refresh disable
#
user-interface con 0
 authentication-mode aaa
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 15
#
wlan ac
 traffic-profile name default
 security-profile name default
 security-profile name default-wds
  security wpa2 psk pass-phrase %^%#Nc-s~'BUv6\PFy58UJ!G5#MJ1^iY.OKSC)ZhF@HD%^%# aes
 ssid-profile name default
 vap-profile name default
 wds-profile name default
 regulatory-domain-profile name default
 air-scan-profile name default
 rrm-profile name default
 radio-2g-profile name default
 radio-5g-profile name default
 wids-spoof-profile name default
 wids-profile name default                
 ap-system-profile name default
 port-link-profile name default
 wired-port-profile name default
 ap-group name default
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
voice 
 #
 enterprise default
 #
 diagnose
#
ops
#
autostart
#
secelog
#
 ms-channel 
 #                                         
return

检查iBMC的fc2mgm用户

检查节点BMC管理是否存在用户"fc2mgmt",如果没有需要给节点BMC添加用户"fc2mgmt"

升级节点固件

升级节点固件，包括但不限于BIOS、CPLD、iBMC到指定版本

安装

FCB 需配置和iBMC同网段地址
修改FCB WebUI超时时间

使用浏览器登录https://<fusioncube_builder_IP>:8443，输入用户admin和密码，登录部署工具界面。
选择安装场景和虚拟化平台类型，使用默认"FusionSphere"，点击下一步

选择自动发现，并输入fc2mgmt用户密码

开始扫描发现节点

配置网络：（使用管理平面和BMC平面合并部署）

检验参数配置

上传软件并校验

校验通过后开始安装

安装软件环境

上一步校验完成后，提示是否开始安装，点击"确定"开始安装

2节点同时安装

软件安装完成，点击"完成"按钮

显示安装成功

安装完成后，此时FusionCompute平台已经可以登录管理。

初始化FusionCube Vision

使用浏览器登录FusionCube Vision管理浮动IP，输入用户名密码admin\公共密码(即fc2mgmt密码)

点击"初始化"按钮

输入公共密码

添加证书 (安装手册下载证书并上传)

信任主机

网络初始化

设置数据冗余策略2副本

校验配置参数

校验配置参数，完成后点击"初始化"按钮

初始化完成，点击"确定"按钮

修改密码

勾选"使用相同的密码"

点击"确定"完成初始化。